Bugtraq mailing list archives
Local root compromise in GNQS 3.50.6 and 3.50.7
From: philippe_andersson () STE SCITEX COM (Philippe Andersson)
Date: Wed, 22 Mar 2000 13:50:04 +0100
A large security hole was uncovered last month in Generic-NQS ver. 3.50.6 and 3.50.7. This hole leads to immediate local root compromise.

All users of those versions are requested to upgrade to ver. 3.50.8 or later ASAP. The updated package can be downloaded from <http://ftp.gnqs.org/pub/gnqs/latest/production/Generic-NQS-3.50.9.tar.gz>. (Please note that versions as of 3.50.8 fail to compile on HP-UX 11.00 - a fix for this platform should be released later this week).

Users of previous versions are not vulnerable.

The fix introduced in ver. 3.50.8 will also log any attempt at exploiting the vulnerability.

On the request of GNQS Maintainer, Stuart Herbert <S.Herbert () sheffield ac uk>, I'm not releasing the actual exploit technique, since it would allow any 5-year-old with a shell account on the affected system(s) to gain root in no time.

For more information about Generic-NQS, please check <http://www.gnqs.org/>.

Credit for the discovery goes to Gilbert Mets, Unix System Manager @ Scitex Europe, S.A.

Have a nice day.

Ph. A.

--
Scitex Europe, S.A.       | Philippe Andersson
Dreve Richelle, 161, E-F, | PC & Network Specialist
1410 WATERLOO             | philippe_andersson () ste scitex com
BELGIUM                   | +32-2-352.25.93 Fax: +32-2-352.25.84